Bugzilla – Attachment 3351 Details for
Bug 2468
Option to include external files to sshd_config
[patch]
regress patch
sshd_config_include_regress.diff (text/plain), 4.41 KB, created by
Damien Miller
on 2020-01-24 15:54:46 AEDT
>commit a847ecb6b19f5c28078b25a6f74490734d0fb4bb >Author: Damien Miller <djm@mindrot.org> >Date: Fri Jan 24 15:53:43 2020 +1100 > > regress test for sshd_config Include directive > > from Jakub Jelen with minor tweaks from me > >diff --git a/Makefile b/Makefile >index 20da666..b697af1 100644 >--- a/Makefile >+++ b/Makefile >@@ -78,6 +78,7 @@ LTESTS= connect \ > principals-command \ > cert-file \ > cfginclude \ >+ servcfginclude \ > allow-deny-users \ > authinfo \ > sshsig >@@ -108,7 +109,7 @@ CLEANFILES+= *.core actual agent-key.* authorized_keys_${USERNAME} \ > sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ > ssh-rsa_oldfmt \ > ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ >- ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \ >+ ssh_proxy_envpass sshd.log sshd_config sshd_config.* \ > sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \ > t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \ > t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ >diff --git a/servcfginclude.sh b/servcfginclude.sh >new file mode 100644 >index 0000000..b25c8fa >--- /dev/null >+++ b/servcfginclude.sh 
>@@ -0,0 +1,154 @@ >+# Placed in the Public Domain. >+ >+tid="server config include" >+ >+cat > $OBJ/sshd_config.i << _EOF >+HostKey $OBJ/host.ssh-ed25519 >+Match host a >+ Banner /aa >+ >+Match host b >+ Banner /bb >+ Include $OBJ/sshd_config.i.* >+ >+Match host c >+ Include $OBJ/sshd_config.i.* >+ Banner /cc >+ >+Match host m >+ Include $OBJ/sshd_config.i.* >+ >+Match Host d >+ Banner /dd >+ >+Match Host e >+ Banner /ee >+ Include $OBJ/sshd_config.i.* >+ >+Match Host f >+ Include $OBJ/sshd_config.i.* >+ Banner /ff >+ >+Match Host n >+ Include $OBJ/sshd_config.i.* >+_EOF >+ >+cat > $OBJ/sshd_config.i.0 << _EOF >+Match host xxxxxx >+_EOF >+ >+cat > $OBJ/sshd_config.i.1 << _EOF >+Match host a >+ Banner /aaa >+ >+Match host b >+ Banner /bbb >+ >+Match host c >+ Banner /ccc >+ >+Match Host d >+ Banner /ddd >+ >+Match Host e >+ Banner /eee >+ >+Match Host f >+ Banner /fff >+_EOF >+ >+cat > $OBJ/sshd_config.i.2 << _EOF >+Match host a >+ Banner /aaaa >+ >+Match host b >+ Banner /bbbb >+ >+Match host c >+ Banner /cccc >+ >+Match Host d >+ Banner /dddd >+ >+Match Host e >+ Banner /eeee >+ >+Match Host f >+ Banner /ffff >+ >+Match all >+ Banner /xxxx >+_EOF >+ >+trial() { >+ _host="$1" >+ _exp="$2" >+ _desc="$3" >+ test -z "$_desc" && _desc="test match" >+ trace "$_desc host=$_host expect=$_exp" >+ ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \ >+ -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out || >+ fatal "ssh config parse failed: $_desc host=$_host expect=$_exp" >+ _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'` >+ if test "x$_exp" != "x$_got" ; then >+ fail "$desc_ host $_host include fail: expected $_exp got $_got" >+ fi >+} >+ >+trial a /aa >+trial b /bb >+trial c /ccc >+trial d /dd >+trial e /ee >+trial f /fff >+trial m /xxxx >+trial n /xxxx >+trial x none >+ >+# Prepare an included config with an error. 
>+ >+cat > $OBJ/sshd_config.i.3 << _EOF >+Banner xxxx >+ Junk >+_EOF >+ >+trace "disallow invalid config host=a" >+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \ >+ -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \ >+ fail "sshd include allowed invalid config" >+ >+trace "disallow invalid config host=x" >+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \ >+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \ >+ fail "sshd include allowed invalid config" >+ >+rm -f $OBJ/sshd_config.i.* >+ >+# Ensure that a missing include is not fatal. >+cat > $OBJ/sshd_config.i << _EOF >+HostKey $OBJ/host.ssh-ed25519 >+Include $OBJ/sshd_config.i.* >+Banner /aa >+_EOF >+ >+trial a /aa "missing include non-fatal" >+ >+# Ensure that Match/Host in an included config does not affect parent. >+cat > $OBJ/sshd_config.i.x << _EOF >+Match host x >+_EOF >+ >+trial a /aa "included file does not affect match state" >+ >+# Ensure the empty include directive is not accepted >+cat > $OBJ/sshd_config.i.x << _EOF >+Include >+_EOF >+ >+trace "disallow invalid with no argument" >+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \ >+ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \ >+ fail "sshd allowed Include with no argument" >+ >+# cleanup >+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out >diff --git a/test-exec.sh b/test-exec.sh >index 065bc64..b0402ef 100644 >--- a/test-exec.sh >+++ b/test-exec.sh >@@ -135,6 +135,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP > > chmod a+rx $OBJ/ssh-log-wrapper.sh > REAL_SSH="$SSH" >+REAL_SSHD="$SSHD" > SSH="$SSHLOGWRAP" > > # Some test data. We make a copy because some tests will overwrite it.
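Review bot: In the servcfginclude.sh hunk, the three negative checks ("disallow invalid config host=a", "disallow invalid config host=x" and "disallow invalid with no argument") invoke ${REAL_SSHD} -f ... -C "host=..." without the -T that trial() passes, so a non-zero exit is not tied to the bad include. -C is documented as the connection parameter for -T extended test mode, and with 2>/dev/null the reason sshd exited is hidden, which means these checks could keep passing even if an invalid included file were accepted. Add -T to these invocations (redirecting stdout too) and consider matching the error text instead of relying on the exit status alone. The last check also writes an sshd_config.i.x containing only Include, without the HostKey line the other top-level configs start with; give it one so the bare Include is the only defect in the file. Separately, the fail call in trial() expands $desc_ where the function set $_desc, so the description is dropped from the failure output; it should read: fail "$_desc host $_host include fail: expected $_exp got $_got".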